This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--Apple-Mail-22--191884136
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed


On Mar 26, 2006, at 10:22 PM, David Blacka wrote:

>
>> Rather than going into that detail, I propose that we choose the
>> path of simplicity and eliminate the delegation-only requirement.

>
> I'm not sure that is the simplest path. A seemingly great number
> of questions about how opt-in works are essentially answered with
> "that can't happen because it is delegation-only". Like, for
> instance, can you opt out the zone apex (no) ? can you opt-out a
> wildcard (no) ? So we would have to replace "delegations only"
> with a possible more complex set of rules.
>


Besides, the delegation only requirement the result of endless and
heated debates about the change in the security model that we had
when opt-in first came to the table.

I prefer we do not try to relive that era.



> I.e., by issuing a query for possible-delegation/IN/NS to the parent.


Would querying for a DS at that parent work? I would think that that
would be the regular fall back when trying to build a chain of trust?



--Olaf


-----------------------------------------------------------
Olaf M. Kolkman
NLnet Labs
http://www.nlnetlabs.nl/




--Apple-Mail-22--191884136
content-type: application/pgp-signature; x-mac-type=70674453;
name=PGP.sig
content-description: This is a digitally signed message part
content-disposition: inline; filename=PGP.sig
content-transfer-encoding: 7bit

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (Darwin)
Comment: This message is locally signed.

iD8DBQFEJ/3EtN/ca3YJIocRAvrVAKDYL7eWPjFqfhMK3oOllzFSW2MVPQCeK1sF
QzTB74zLOIBHd9QHyTspUXs=
=/z4v
-----END PGP SIGNATURE-----

--Apple-Mail-22--191884136--

--
to unsubscribe send a message to namedroppers-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: